cscope -- buffer overflow vulnerabilities

Details

VuXML ID: 72d8df84-ea6d-11da-8a53-00123ffe8333

Discovery: 2004-11-11

Entry: 2006-05-23

Jason Duell reports:

Cscope contains an alarming number of buffer overflow
vulnerabilities. By a rough count, there are at least 48 places
where we blindly sprintf() a file name into a fixed-length buffer
of size PATHLEN without checking to see if the file's name
is <= PATHLEN. We do similar things with environment variable
values.